1 // 2 // 3 // Copyright 2019 gRPC authors. 4 // 5 // Licensed under the Apache License, Version 2.0 (the "License"); 6 // you may not use this file except in compliance with the License. 7 // You may obtain a copy of the License at 8 // 9 // http://www.apache.org/licenses/LICENSE-2.0 10 // 11 // Unless required by applicable law or agreed to in writing, software 12 // distributed under the License is distributed on an "AS IS" BASIS, 13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 // See the License for the specific language governing permissions and 15 // limitations under the License. 16 // 17 // 18 19 #ifndef GRPCPP_SECURITY_ALTS_UTIL_H 20 #define GRPCPP_SECURITY_ALTS_UTIL_H 21 22 #include <memory> 23 24 #include <grpc/grpc_security_constants.h> 25 #include <grpcpp/security/alts_context.h> 26 #include <grpcpp/security/auth_context.h> 27 #include <grpcpp/support/status.h> 28 29 struct grpc_gcp_AltsContext; 30 31 namespace grpc { 32 namespace experimental { 33 34 // GetAltsContextFromAuthContext helps to get the AltsContext from AuthContext. 35 // If ALTS is not the transport security protocol used to establish the 36 // connection, this function will return nullptr. 37 std::unique_ptr<AltsContext> GetAltsContextFromAuthContext( 38 const std::shared_ptr<const AuthContext>& auth_context); 39 40 // This utility function performs ALTS client authorization check on server 41 // side, i.e., checks if the client identity matches one of the expected service 42 // accounts. It returns OK if client is authorized and an error otherwise. 43 grpc::Status AltsClientAuthzCheck( 44 const std::shared_ptr<const AuthContext>& auth_context, 45 const std::vector<std::string>& expected_service_accounts); 46 47 } // namespace experimental 48 } // namespace grpc 49 50 #endif // GRPCPP_SECURITY_ALTS_UTIL_H 51